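jobs:
  # Cost-estimate job, run once per region in the matrix: checks out the repo,
  # installs Terraform, assumes an AWS role through OIDC, rewrites the backend
  # and provider settings, then runs Infracost and comments on the pull request.
  infracost:
    runs-on: ubuntu-latest
    # NOTE(review): the OIDC step needs `id-token: write` on the job token. No
    # `permissions:` block is visible in this part of the file; confirm it is
    # granted elsewhere, and keep the remaining scopes minimal.
    strategy:
      matrix:
        region: ${{ fromJson(inputs.AWS_REGION) }}
    steps:
      # Version tags such as v2 can be moved by the action's publisher; pinning
      # each `uses:` to a full commit SHA makes the referenced code immutable.
      - name: Checkout repository
        uses: actions/checkout@v2
        with:
          # Later steps run Terraform and Infracost against this checkout; do not
          # leave the job token stored in .git/config for them to read.
          persist-credentials: false
      - name: Set up Terraform
        uses: hashicorp/setup-terraform@v2
        with:
          terraform_version: ${{ inputs.TERRAFORM_VERSION }}
          terraform_wrapper: false
      - name: Configure AWS credentials with OIDC
        # Was `@master`: a branch ref runs whatever is pushed to it next, with
        # this job's cloud credentials. Use a release tag, or better a full SHA.
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.OIDC_CENTRAL_DEPLOY_ROLE }}
          aws-region: ${{ matrix.region }}
          # role-session-name: aws-terraform
      - name: Configuration Setup
        working-directory: ${{ inputs.WORKING_DIR }}/${{ matrix.region }}
        shell: bash
        # Inputs are handed to the script as environment variables. Expanding
        # `${{ ... }}` inside `run:` pastes the raw value into the script text,
        # so a crafted input would be executed as shell.
        env:
          STATE_BUCKET: ${{ inputs.STATE_BUCKET }}
          STATE_FILE_PATH: ${{ inputs.STATE_FILE_PATH }}
          REGION: ${{ matrix.region }}
          # NOTE(review): the OIDC step reads this role from `secrets`, this step
          # from `inputs`; confirm which source is intended.
          BACKEND_ROLE_ARN: ${{ inputs.OIDC_CENTRAL_DEPLOY_ROLE }}
          ACCESS_ROLE: ${{ inputs.ACCESS_ROLE }}
        run: |
          # The values still end up inside a sed script and an HCL string;
          # refuse characters that could terminate either one.
          for value in "$STATE_BUCKET" "$STATE_FILE_PATH" "$REGION" "$BACKEND_ROLE_ARN" "$ACCESS_ROLE"; do
            case "$value" in
              *[\"\\]*|*$'\n'*)
                echo "::error::workflow input contains a quote, backslash or newline"
                exit 1
                ;;
            esac
          done
          # Each sed replaces the whole line matching the key with key="value".
          sed -i "/bucket=/c\\bucket=\"${STATE_BUCKET}\"" backend.tf
          sed -i "/key=/c\\key=\"${STATE_FILE_PATH}/${REGION}/terraform.tfstate\"" backend.tf
          sed -i "/role_arn=/c\\role_arn=\"${BACKEND_ROLE_ARN}\"" backend.tf
          sed -i "/role_arn=/c\\role_arn=\"${ACCESS_ROLE}\"" provider.tf
          terraform init
          terraform validate
      - name: Setup Infracost
        uses: infracost/actions/setup@v2
        # See https://github.com/infracost/actions/tree/master/setup for other inputs
        # If you can't use this action, see Docker images in https://infracost.io/cicd
        with:
          api-key: ${{ secrets.INFRACOST_API_KEY }}
      # Generate Infracost JSON file as the baseline. --format=json
      # NOTE(review): the baseline and the diff below both read the same
      # checked-out tree; confirm whether the baseline was meant to come from
      # the pull request's base branch.
      - name: Generate Infracost cost estimate baseline
        env:
          WORKING_DIR: ${{ inputs.WORKING_DIR }}
          REGION: ${{ matrix.region }}
        run: |
          mkdir -p "/tmp/${WORKING_DIR}"
          infracost breakdown --path="${WORKING_DIR}/${REGION}"
          infracost breakdown --path="${WORKING_DIR}/${REGION}" \
            --format=json \
            --out-file="/tmp/${WORKING_DIR}/${REGION}-base.json"
      - name: Generate Infracost diff
        env:
          WORKING_DIR: ${{ inputs.WORKING_DIR }}
          REGION: ${{ matrix.region }}
        run: |
          infracost diff --path="${WORKING_DIR}/${REGION}" \
            --compare-to="/tmp/${WORKING_DIR}/${REGION}-base.json"
          infracost diff --path="${WORKING_DIR}/${REGION}" \
            --compare-to="/tmp/${WORKING_DIR}/${REGION}-base.json" \
            --format=json \
            --out-file="/tmp/${WORKING_DIR}/${REGION}-diff.json"
      - name: Post Infracost comment
        if: github.event_name == 'pull_request'
        # The token is read from the environment at run time, so the secret is
        # no longer written into the generated script text.
        env:
          WORKING_DIR: ${{ inputs.WORKING_DIR }}
          REGION: ${{ matrix.region }}
          GIT_TOKEN: ${{ secrets.GIT_TOKEN }}
          PR_NUMBER: ${{ github.event.pull_request.number }}
        run: |
          infracost comment github \
            --path="/tmp/${WORKING_DIR}/${REGION}-diff.json" \
            --repo="$GITHUB_REPOSITORY" \
            --github-token="$GIT_TOKEN" \
            --pull-request="$PR_NUMBER" \
            --behavior=new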